Hi, I really miss the brute-force protection option in Bitwarden. Recently, I’ve seen a lot of forum posts about users being unable to log in to their accounts because they’ve had hundreds, even thousands, of login attempts. It would be great if it were possible to set up two-factor authentication that works BEFORE entering the password. Here’s an example of how it works in ente Auth. After proper configuration, after entering the email address, the next step is entering the code sent to the email address, then two-factor authentication in the form of a code from the authentication app or a U2F key, and only then entering the password. So, in ente Auth, password brute-force is practically impossible, because to do so, you first need to enter the code with @ and then complete two-factor authentication. In ente Auth, this option is completely optional, and it would be great if Bitwarden could also enable this protection as an option. What benefits will this bring compared to the current 2FA? 1. No more hundreds of failed login alerts if someone brute-forces. 2. Significantly reduced chance of brute-forcing. If the option mentioned above were implemented, logging in to Bitwarden would look like this: 1. Enter your email address, enter a code with @ or possibly another 2FA, enter your password + for greater security, a 2FA other than the one in step 1. Sorry for the language, I’m using a translator.
I changed the title of your post to more accurately reflect the feature that you are requesting (old title was: “Protection against brute force attacks”).
…so you would instead get hundreds, even thousands, of emails because someone is trying to brute force your account? Does not sound like a good idea to me.
Better to simply implement some kind of CAPTCHA on sign-ins and keep good password on Bitwarden account. Or just use Passkey to signin. Or just ignore the brute forcing attacks.